From nobody Mon May 6 03:51:09 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a02:cbb9:0:0:0:0:0 with SMTP id v25csp4654802jap; Mon, 6 Dec 2021 07:51:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJz3ILUrgsHkWdR1Jh0GWprdyk9SiYr/OMIGZCMGewIV2QuJ0CQGgC5aViWtD1fCWB3A/NPi X-Received: by 2002:a37:2f45:: with SMTP id v66mr33324462qkh.752.1638805895149; Mon, 06 Dec 2021 07:51:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1638805895; cv=none; d=google.com; s=arc-20160816; b=r5xes8AEhvDkPNkpobMEZFHC3qaDN6Ag5qyyZCouwJVbiaHkuwk0rGp3uaFHnkuLUK J6wULbyyIylJMIMcZ+w+gKTuOOSB2LMpYtMNsOnMrgbagyTE2GBWEqDDPQmkmBgFAOhf xbgkU0JrkTmK5sg7jjMly4SF3SXZlOOW/4zd9KB8mQgjtltL5VsUdCJ9TFgV/DT/SNZ0 6nGyJl92hq81YyfIAK8/u8byfFKNF21h/yKqXiycNxsUna0cKOaOgYPBhk2c9D0cYd80 dAPAv1asNQs0y61kerf4fmPH0q4iE86y7aOjGEdZhphXDbUie722ACwbJRxt/4/I5oO3 D6PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=eTA2NoO6PqLb4MYS0Q2EcSV/H5J+XPfr2812oSXt8to=; b=RsqBLvEQ8gVM6lMbbuQobFRvYytKRZelM0ZEjd8unSSd69PU0l2F7hIJqxAFn1cbbK DnJgqxqA/CFCIkVEKokOTzSMDB+hURpqPgG4SjlK94CkMEAcjniPPHd+rowvckuUYkmY UzmsSxzeohyuDj/gFfQTh8bvLGZcEZjRS55aIXIp1WCyo9+7GSx8lpMvqW4zOn9GQWPj RKjwuCDuAyeiN+LzCM9BNOI4/1r1BzmPsxrMbiWdFTGH+eUwx0LBG0qCEZ1KmHIvAyl/ Qo8AQ61g1L/u4QHgR6X3dYokQ1oAvt8YQE2sZfYP/Kq3Rr0OLmzWtM4/OBqzHJrLwYh4 Tiuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-2653-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) smtp.mailfrom="mptcp+bounces-2653-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195]) by mx.google.com with ESMTPS id bj2si15939922qkb.477.2021.12.06.07.51.35 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Dec 2021 07:51:35 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-2653-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) client-ip=147.75.197.195; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-2653-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) smtp.mailfrom="mptcp+bounces-2653-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id DCD441C076D for ; Mon, 6 Dec 2021 15:51:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9B1AE2C80; Mon, 6 Dec 2021 15:51:33 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DC1729CA for ; Mon, 6 Dec 2021 15:51:32 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1muGH4-0001ql-Br; Mon, 06 Dec 2021 16:51:30 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH mptcp 1/2] mptcp: clear 'kern' flag from fallback sockets Date: Mon, 6 Dec 2021 16:51:19 +0100 Message-Id: <20211206155120.26929-2-fw@strlen.de> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211206155120.26929-1-fw@strlen.de> References: <20211206155120.26929-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets (any userspace-exposed socket). But in case of fallback, accept() can return a plain tcp sk. In such case, sk is still tagged as 'kernel' and setsockopt will work. This will crash the kernel, The subflow extension has a NULL ctx->conn mptcp socket: BUG: KASAN: null-ptr-deref in subflow_data_ready+0x181/0x2b0 Call Trace: tcp_data_ready+0xf8/0x370 [..] Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections= ") Signed-off-by: Florian Westphal --- net/mptcp/protocol.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 8319e601bc2d..34ea4b25128e 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3025,6 +3025,7 @@ static struct sock *mptcp_accept(struct sock *sk, int= flags, int *err, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); } =20 + newsk->sk_kern_sock =3D kern; return newsk; } =20 --=20 2.32.0 From nobody Mon May 6 03:51:09 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a02:cbb9:0:0:0:0:0 with SMTP id v25csp4654940jap; Mon, 6 Dec 2021 07:51:40 -0800 (PST) X-Google-Smtp-Source: ABdhPJyl/DLblKcPXZxJe4IGntfmqoaH8mbMp89YTN8kZVEgfjmHKNc8F/Tj+AP93YUIodyMGaHn X-Received: by 2002:a05:622a:120e:: with SMTP id y14mr40049337qtx.671.1638805900478; Mon, 06 Dec 2021 07:51:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1638805900; cv=none; d=google.com; s=arc-20160816; b=jRWregjzcT5m0HcssXcs1sj2/lpoB3RjFRwqH3wkY2MZ6ZLeguNgWH5YwRqqHuqjEJ Sdl1U1yOcu/OeXR6QlLhqJinDqNOO48ludMR/nC3NsEbRj8j6yMjvUDLPchqXrAAQvqd 8NUT3wD+vD+gfO/5i1Rj3fIoFtwK7bqt54diN5sVhiT3gnsWxG8MWe2xI7TZgDdxsfjX cKqjBZruzF41c/klYZump/HaR1AP3nrTiyaAeGVMFXcWJgklTh8IaZ0qnTP7EZrlxsNL YEPZnv9EjF0bGL4jzr73xpBekUqBB5swcyRP5iL5wevVi8jSA3Ax6VEcyzOK/RseRRQi Fh8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=7Yya6iOCe8SKpva1FSdBNSGLagnvg37ElLO3r2ET40s=; b=Zb1x/SSpncIlN0OB8Gk5drhuh9f6WCH0k0wVOAfVM/IooKC9FKmmcYg9GREd38Gf45 RoH2z1L9pFGQMFZvIqXHMV8Y6moIBYDLOSMJm7d3PMlv6ii15WcKcMlOmfUg269nDGHv DC5ixNJWO+UsiMXmGYoklMeMC5IrCPhDSg7ZjJ05XQ5BaTLe0+iLSO1w/rpTtxSzA8J/ 0kutgX3iBdMuWV2yyZZdzZBv6fiVSYF97A7HIJ+n22qWB6I9BrA0QBFLnAUdZo7RXUk8 jdVNXQshFIGWZRpGMoeyp8tj4gscFunRm6osZ+6ur6u/YflcYHmi0RA8Ve/QQec4lNMI kh6Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-2654-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) smtp.mailfrom="mptcp+bounces-2654-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195]) by mx.google.com with ESMTPS id fq14si13523825qvb.332.2021.12.06.07.51.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Dec 2021 07:51:40 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-2654-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) client-ip=147.75.197.195; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-2654-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.197.195 as permitted sender) smtp.mailfrom="mptcp+bounces-2654-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id 3425E1C08CB for ; Mon, 6 Dec 2021 15:51:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AE8B92CAB; Mon, 6 Dec 2021 15:51:38 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CD132C80 for ; Mon, 6 Dec 2021 15:51:37 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1muGH8-0001qx-N3; Mon, 06 Dec 2021 16:51:35 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH mptcp 2/2] selftests: mptcp: try to set mptcp ulp mode in different sk states Date: Mon, 6 Dec 2021 16:51:20 +0100 Message-Id: <20211206155120.26929-3-fw@strlen.de> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211206155120.26929-1-fw@strlen.de> References: <20211206155120.26929-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The kernel will crash without 'mptcp: clear 'kern' flag from fallback sockets' change. Since this doesn't slow down testing in a noticeable way, run this unconditionally. The explicit test did not catch this, because the check was done for tcp socket returned by 'socket(.. IPPROTO_TCP) rather than a tcp socket returned by accept() on a mptcp listen fd. Signed-off-by: Florian Westphal --- .../selftests/net/mptcp/mptcp_connect.c | 97 ++++++++++--------- .../selftests/net/mptcp/mptcp_connect.sh | 20 ---- 2 files changed, 51 insertions(+), 66 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index ffdf7bbc16af..8628aa61b763 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -61,7 +61,6 @@ static enum cfg_peek cfg_peek =3D CFG_NONE_PEEK; static const char *cfg_host; static const char *cfg_port =3D "12000"; static int cfg_sock_proto =3D IPPROTO_MPTCP; -static bool tcpulp_audit; static int pf =3D AF_INET; static int cfg_sndbuf; static int cfg_rcvbuf; @@ -120,7 +119,6 @@ static void die_usage(void) fprintf(stderr, "\t-R num -- set SO_RCVBUF to num\n"); fprintf(stderr, "\t-s [MPTCP|TCP] -- use mptcp(default) or tcp sockets\n"= ); fprintf(stderr, "\t-S num -- set SO_SNDBUF to num\n"); - fprintf(stderr, "\t-u -- check mptcp ulp\n"); fprintf(stderr, "\t-w num -- wait num sec before closing the socket\n"); exit(1); } @@ -228,6 +226,42 @@ static void set_transparent(int fd, int pf) } } =20 +static int do_ulp_so(int sock, const char *name) +{ + return setsockopt(sock, IPPROTO_TCP, TCP_ULP, name, strlen(name)); +} + +#define X(m) xerror("%s:%u: %s: failed for proto %d at line %u", __FILE__,= __LINE__, (m), proto, line) +static void sock_test_tcpulp(int sock, int proto, unsigned int line) +{ + socklen_t buflen =3D 8; + char buf[8] =3D ""; + int ret =3D getsockopt(sock, IPPROTO_TCP, TCP_ULP, buf, &buflen); + + if (ret !=3D 0) + X("getsockopt"); + + if (buflen > 0) { + if (strcmp(buf, "mptcp") !=3D 0) + xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); + ret =3D do_ulp_so(sock, "tls"); + if (ret =3D=3D 0) + X("setsockopt"); + } else if (proto =3D=3D IPPROTO_MPTCP) { + ret =3D do_ulp_so(sock, "tls"); + if (ret !=3D -1) + X("setsockopt"); + } + + ret =3D do_ulp_so(sock, "mptcp"); + if (ret !=3D -1) + X("setsockopt"); + +#undef X +} + +#define SOCK_TEST_TCPULP(s, p) sock_test_tcpulp((s), (p), __LINE__) + static int sock_listen_mptcp(const char * const listenaddr, const char * const port) { @@ -251,6 +285,8 @@ static int sock_listen_mptcp(const char * const listena= ddr, if (sock < 0) continue; =20 + SOCK_TEST_TCPULP(sock, cfg_sock_proto); + if (-1 =3D=3D setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) perror("setsockopt"); @@ -273,50 +309,17 @@ static int sock_listen_mptcp(const char * const liste= naddr, return sock; } =20 + SOCK_TEST_TCPULP(sock, cfg_sock_proto); + if (listen(sock, 20)) { perror("listen"); close(sock); return -1; } =20 - return sock; -} + SOCK_TEST_TCPULP(sock, cfg_sock_proto); =20 -static bool sock_test_tcpulp(const char * const remoteaddr, - const char * const port) -{ - struct addrinfo hints =3D { - .ai_protocol =3D IPPROTO_TCP, - .ai_socktype =3D SOCK_STREAM, - }; - struct addrinfo *a, *addr; - int sock =3D -1, ret =3D 0; - bool test_pass =3D false; - - hints.ai_family =3D AF_INET; - - xgetaddrinfo(remoteaddr, port, &hints, &addr); - for (a =3D addr; a; a =3D a->ai_next) { - sock =3D socket(a->ai_family, a->ai_socktype, IPPROTO_TCP); - if (sock < 0) { - perror("socket"); - continue; - } - ret =3D setsockopt(sock, IPPROTO_TCP, TCP_ULP, "mptcp", - sizeof("mptcp")); - if (ret =3D=3D -1 && errno =3D=3D EOPNOTSUPP) - test_pass =3D true; - close(sock); - - if (test_pass) - break; - if (!ret) - fprintf(stderr, - "setsockopt(TCP_ULP) returned 0\n"); - else - perror("setsockopt(TCP_ULP)"); - } - return test_pass; + return sock; } =20 static int sock_connect_mptcp(const char * const remoteaddr, @@ -340,6 +343,8 @@ static int sock_connect_mptcp(const char * const remote= addr, continue; } =20 + SOCK_TEST_TCPULP(sock, proto); + if (cfg_mark) set_mark(sock, cfg_mark); =20 @@ -354,6 +359,8 @@ static int sock_connect_mptcp(const char * const remote= addr, } =20 freeaddrinfo(addr); + if (sock !=3D -1) + SOCK_TEST_TCPULP(sock, proto); return sock; } =20 @@ -983,6 +990,8 @@ int main_loop_s(int listensock) xerror("can't open %s: %d", cfg_input, errno); } =20 + SOCK_TEST_TCPULP(remotesock, 0); + copyfd_io(fd, remotesock, 1, true); } else { perror("accept"); @@ -1127,6 +1136,8 @@ int main_loop(void) again: check_getpeername_connect(fd); =20 + SOCK_TEST_TCPULP(fd, cfg_sock_proto); + if (cfg_rcvbuf) set_rcvbuf(fd, cfg_rcvbuf); if (cfg_sndbuf) @@ -1243,7 +1254,7 @@ static void parse_opts(int argc, char **argv) { int c; =20 - while ((c =3D getopt(argc, argv, "6c:hi:I:jlm:M:o:p:P:r:R:s:S:t:T:uw:")) = !=3D -1) { + while ((c =3D getopt(argc, argv, "6c:hi:I:jlm:M:o:p:P:r:R:s:S:t:T:w:")) != =3D -1) { switch (c) { case 'j': cfg_join =3D true; @@ -1275,9 +1286,6 @@ static void parse_opts(int argc, char **argv) case 'h': die_usage(); break; - case 'u': - tcpulp_audit =3D true; - break; case '6': pf =3D AF_INET6; break; @@ -1331,9 +1339,6 @@ int main(int argc, char *argv[]) signal(SIGUSR1, handle_signal); parse_opts(argc, argv); =20 - if (tcpulp_audit) - return sock_test_tcpulp(cfg_host, cfg_port) ? 0 : 1; - if (listen_mode) { int fd =3D sock_listen_mptcp(cfg_host, cfg_port); =20 diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/tes= ting/selftests/net/mptcp/mptcp_connect.sh index de6c630a59da..cb5809b89081 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -301,24 +301,6 @@ check_mptcp_disabled() return 0 } =20 -check_mptcp_ulp_setsockopt() -{ - local t retval - t=3D"ns_ulp-$sech-$(mktemp -u XXXXXX)" - - ip netns add ${t} || exit $ksft_skip - if ! ip netns exec ${t} ./mptcp_connect -u -p 10000 -s TCP 127.0.0.1 2>&1= ; then - printf "setsockopt(..., TCP_ULP, \"mptcp\", ...) allowed\t[ FAIL ]\n" - retval=3D1 - ret=3D$retval - else - printf "setsockopt(..., TCP_ULP, \"mptcp\", ...) blocked\t[ OK ]\n" - retval=3D0 - fi - ip netns del ${t} - return $retval -} - # $1: IP address is_v6() { @@ -812,8 +794,6 @@ make_file "$sin" "server" =20 check_mptcp_disabled =20 -check_mptcp_ulp_setsockopt - stop_if_error "The kernel configuration is not valid for MPTCP" =20 echo "INFO: validating network environment with pings" --=20 2.32.0